International Association for Cryptologic Research


IACR News item: 19 May 2015

John Mattsson
ePrint Report
GCM is used in a vast number of security protocols and is quickly becoming the de facto mode of operation for block ciphers. In this paper we suggest several novel improvements to Ferguson's authentication key recovery method and show that for many truncated tag sizes, the security levels are far below, not only the current NIST requirement of 112-bit security, but also the old NIST requirement of 80-bit security. We therefore strongly recommend that NIST revise SP 800-38D.
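The forgery step that Ferguson's method builds on, as an added example that is not code from the ePrint report: it implements GHASH over GF(2^128) with the field arithmetic of SP 800-38D, solves a GF(2) linear system for a message difference D whose first r tag bits cancel for every hash key H, and then measures how often the victim's truncated tag is still accepted on the modified message. The random keys, masks and messages, and the very short tag lengths used in `demo`, are constructed for the demonstration; the `mask` value stands in for the unknown E_K(J0). The paper's own improvements to the method are not reproduced here.

```python
"""Forgery step of Ferguson's attack on GCM with truncated tags (added example, not the paper's code).
GHASH is linear in the input blocks for a fixed hash key H, and H -> H^(2^i) is GF(2)-linear, so
a difference D placed only at the blocks with exponents 2^1..2^n shifts the tag by
f(H) = sum_i D_i * H^(2^i), a GF(2)-linear function of the unknown H.  The attacker solves for a
D whose leading r = n - 1 tag bits vanish for every H; replaying the victim's t-bit tag on M ^ D
then succeeds with probability 2^-(t-r) instead of 2^-t.  Key recovery from forgeries is not shown.
"""
import random

R = 0xE1 << 120   # x^128 + x^7 + x^2 + x + 1 in GCM's bit order (bit 0 = most significant bit)

def mulx(v):
    """Multiply by x: the V update step of SP 800-38D Algorithm 1."""
    return (v >> 1) ^ R if v & 1 else v >> 1

def gf_mul(x, y):
    """GF(2^128) product in GCM's bit-reflected representation."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = mulx(v)
    return z

def ghash(h, blocks):
    """GHASH_H(X_0..X_{L-1}) = sum of X_idx * H^(L - idx)."""
    y = 0
    for x in blocks:
        y = gf_mul(y ^ x, h)
    return y

def gf2_null_vector(rows, ncols):
    """A non-zero v with A v = 0 over GF(2); rows are bitmasks over ncols columns."""
    pivots = {}                                   # pivot column -> fully reduced row
    for row in rows:
        for col, prow in pivots.items():
            if (row >> col) & 1:
                row ^= prow
        if row:
            col = row.bit_length() - 1
            for pc in pivots:
                if (pivots[pc] >> col) & 1:
                    pivots[pc] ^= row
            pivots[col] = row
    free = next(c for c in range(ncols) if c not in pivots)   # exists since rank < ncols
    return (1 << free) | sum(1 << col for col, prow in pivots.items() if (prow >> free) & 1)

def forgery_difference(n, r):
    """Blocks D_1..D_n (for exponents 2^1..2^n) such that the first r bits of
    sum_i D_i * H^(2^i) are zero for every H.  Bit b of D_(i+1) is unknown column i*128+b."""
    P = []            # P[i][c][b] = x^b * (x^c)^(2^(i+1)): that unknown's contribution when H = x^c
    for i in range(1, n + 1):
        per_c = []
        for c in range(128):
            x = 1 << (127 - c)                    # basis element x^c
            for _ in range(i):
                x = gf_mul(x, x)                  # Frobenius: H -> H^(2^i)
            col = [x]
            for _ in range(127):
                col.append(mulx(col[-1]))         # times x^0, x^1, ..., x^127
            per_c.append(col)
        P.append(per_c)
    rows = []
    for j in range(r):                            # tag bit j must vanish ...
        for c in range(128):                      # ... for every basis H = x^c, hence for all H
            eq = 0
            for i in range(n):
                for b in range(128):
                    if (P[i][c][b] >> (127 - j)) & 1:
                        eq |= 1 << (i * 128 + b)
            rows.append(eq)
    v = gf2_null_vector(rows, 128 * n)
    return [sum(1 << (127 - b) for b in range(128) if (v >> (i * 128 + b)) & 1) for i in range(n)]

def forge(h, mask, blocks, diff, t):
    """Does the receiver accept (M ^ D, victim's tag)?  The tag is the top t bits of
    mask ^ GHASH_H(M); mask stands in for the unknown E_K(J0)."""
    L = len(blocks)
    tag = (mask ^ ghash(h, blocks)) >> (128 - t)
    forged = list(blocks)
    for i, d in enumerate(diff, start=1):
        forged[L - 2 ** i] ^= d                   # block index L - 2^i carries exponent 2^i
    return (mask ^ ghash(h, forged)) >> (128 - t) == tag

def demo(n=5, trials=256, seed=1):
    """Returns (first r bits of f(H) zero for all sampled H?, acceptance rate at t=r, at t=r+2)."""
    rng = random.Random(seed)                     # random keys/masks/messages stand in for the victim's
    r, L = n - 1, 2 ** n                          # L blocks, so exponents 2^1..2^n all lie in the message
    diff = forgery_difference(n, r)
    dblocks = [0] * L
    for i, d in enumerate(diff, start=1):
        dblocks[L - 2 ** i] = d
    hs = [rng.getrandbits(128) for _ in range(trials)]
    leading_zero = all(ghash(h, dblocks) >> (128 - r) == 0 for h in hs)
    rate = {t: sum(forge(h, rng.getrandbits(128), [rng.getrandbits(128) for _ in range(L)], diff, t)
                   for h in hs) / trials for t in (r, r + 2)}
    return leading_zero, rate[r], rate[r + 2]
```

With n usable positions (a message of 2^n blocks) the attacker cancels n - 1 tag bits, so each attempt against a t-bit tag succeeds with probability about 2^-(t-n+1) rather than 2^-t; for a long message and a 32-bit or 64-bit tag that gap is what the abstract's security levels reflect. The tag lengths 4 and 6 in `demo` are only there to make the effect visible in a few hundred trials; the linear algebra is identical for real tag sizes.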

